According to Geoff Hutchison:
> A few days ago, I e-mailed about the ITS4 automated security scanner.
> I tried it out on the code and it found a few places to inspect. I'm
> including the most verbose version (this one complains about memcpy)
> as an attachment. The author, John Viega <John@list.org>, also said
> that he'd consider doing a full audit of our source.
>
> I don't know what sorts of bugs remain, but getting some help
> auditing the code would be welcome.